ahmido
1c098441aa
Implements Spec 091 “BackupSchedule Retention & Lifecycle (Archive/Restore/Force Delete)”.
- BackupSchedule lifecycle:
- Archive (soft delete) with confirmation; restores via Restore action; Force delete with confirmation and strict gating.
- Force delete blocked when historical runs exist.
- Archived schedules never dispatch/execute (dispatcher + job guard).
- Audit events emitted for archive/restore/force delete.
- RBAC UX semantics preserved (non-member hidden/404; member w/o capability disabled + server-side 403).
- Filament UX contract update:
- Create CTA placement rule across create-enabled list pages:
- Empty list: only large centered empty-state Create CTA.
- Non-empty list: only header Create action.
- Tests added/updated to enforce the rule.
Verification:
- `vendor/bin/sail bin pint --dirty`
- Focused tests: BackupScheduling + RBAC enforcement + EmptyState CTAs + Create CTA placement
Notes:
- Filament v5 / Livewire v4 compliant.
- Manual quickstart verification in `specs/091-backupschedule-retention-lifecycle/quickstart.md` remains to be checked (T031).
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #109
93 lines
3.7 KiB
PHP
93 lines
3.7 KiB
PHP
<?php
|
|
|
|
use App\Filament\Resources\BackupScheduleResource;
|
|
use App\Filament\Resources\BackupScheduleResource\Pages\ListBackupSchedules;
|
|
use App\Models\BackupSchedule;
|
|
use App\Models\Tenant;
|
|
use App\Support\Auth\UiTooltips;
|
|
use Filament\Actions\Action;
|
|
use Filament\Facades\Filament;
|
|
use Filament\Tables\Filters\TrashedFilter;
|
|
use Illuminate\Auth\Access\AuthorizationException;
|
|
use Illuminate\Support\Facades\Gate;
|
|
use Livewire\Livewire;
|
|
|
|
it('returns 404 for non-members trying to access schedule lifecycle pages', function () {
|
|
$tenant = Tenant::factory()->create();
|
|
[$user] = createUserWithTenant(role: 'owner');
|
|
|
|
$this->actingAs($user)
|
|
->get(BackupScheduleResource::getUrl('index', tenant: $tenant))
|
|
->assertNotFound();
|
|
});
|
|
|
|
it('treats members without manage capability as forbidden for archive and restore', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'readonly');
|
|
|
|
$schedule = BackupSchedule::query()->create([
|
|
'tenant_id' => $tenant->id,
|
|
'name' => 'Lifecycle auth readonly',
|
|
'is_enabled' => true,
|
|
'timezone' => 'UTC',
|
|
'frequency' => 'daily',
|
|
'time_of_day' => '01:00:00',
|
|
'days_of_week' => null,
|
|
'policy_types' => ['deviceConfiguration'],
|
|
'include_foundations' => true,
|
|
'retention_keep_last' => 30,
|
|
]);
|
|
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
Livewire::test(ListBackupSchedules::class)
|
|
->assertTableActionDisabled('archive', $schedule)
|
|
->assertTableActionExists('archive', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), $schedule)
|
|
->callTableAction('archive', $schedule);
|
|
|
|
expect(function () use ($user, $schedule): void {
|
|
Gate::forUser($user)->authorize('delete', $schedule);
|
|
})->toThrow(AuthorizationException::class);
|
|
|
|
$schedule->delete();
|
|
|
|
Livewire::test(ListBackupSchedules::class)
|
|
->filterTable(TrashedFilter::class, false)
|
|
->assertTableActionDisabled('restore', BackupSchedule::withTrashed()->findOrFail($schedule->id))
|
|
->assertTableActionExists('restore', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), BackupSchedule::withTrashed()->findOrFail($schedule->id));
|
|
|
|
expect(function () use ($user, $schedule): void {
|
|
Gate::forUser($user)->authorize('restore', $schedule->fresh());
|
|
})->toThrow(AuthorizationException::class);
|
|
});
|
|
|
|
it('treats members without tenant delete capability as forbidden for force delete', function () {
|
|
[$user, $tenant] = createUserWithTenant(role: 'manager');
|
|
|
|
$schedule = BackupSchedule::query()->create([
|
|
'tenant_id' => $tenant->id,
|
|
'name' => 'Force delete forbidden',
|
|
'is_enabled' => true,
|
|
'timezone' => 'UTC',
|
|
'frequency' => 'daily',
|
|
'time_of_day' => '01:00:00',
|
|
'days_of_week' => null,
|
|
'policy_types' => ['deviceConfiguration'],
|
|
'include_foundations' => true,
|
|
'retention_keep_last' => 30,
|
|
]);
|
|
$schedule->delete();
|
|
|
|
$this->actingAs($user);
|
|
Filament::setTenant($tenant, true);
|
|
|
|
Livewire::test(ListBackupSchedules::class)
|
|
->filterTable(TrashedFilter::class, false)
|
|
->assertTableActionDisabled('forceDelete', BackupSchedule::withTrashed()->findOrFail($schedule->id))
|
|
->assertTableActionExists('forceDelete', fn (Action $action): bool => $action->getTooltip() === UiTooltips::insufficientPermission(), BackupSchedule::withTrashed()->findOrFail($schedule->id));
|
|
|
|
expect(function () use ($user, $schedule): void {
|
|
Gate::forUser($user)->authorize('forceDelete', $schedule->fresh());
|
|
})->toThrow(AuthorizationException::class);
|
|
});
|